Intel microcodes now updated for all products from last 5 years

In an email to HEXUS, and an associated blog post, Intel has announced that it has updated the microcode for all of the products it has launched in the past five years. Of course, it is talking about the CPU product range and their mitigations against the Meltdown and Spectre vulnerabilities. It may seem like this work has taken an eternity, but it has only been 74 days since the vulnerabilities came to light outside of a tight circle of security researchers and chip makers.

Intel CEO Brian Krzanich wrote that there have been thousands of people working tirelessly to protect customers and their data as per the Security-First Pledge he made in January. Furthermore, as per the pledge, a great deal of security work will go on.

The key part of the latest statement is that microcode updates for 100 per cent of Intel products launched in the past five years (those that require protection against the side-channel method vulnerabilities discovered by Google), have now been released. Krzanich took the opportunity to recommend that users don't just update their systems with these latest microcode patches but just generally keep their systems up to date as "It’s one of the easiest ways to stay protected."

With regard to Variant 1 (Spectre): CVE-2017-5753, Variant 2 (Spectre): CVE-2017-5715, and Variant 3 (Meltdown): CVE-2017-5754 - it is noted that Variant 1 will continue to be addressed via software mitigations, but Intel is making changes to its hardware design to further address the other two.

Hardware redesign

Intel notes that in-silicon fixes for Meltdown and Spectre will be baked into next-generation Intel Xeon Scalable processors (code-named Cascade Lake) and new 8th generation Core processors, expected to start shipping from H2 this year. The major change is described as the implementation of partitioning (simply visualised above). In effect this creates additional 'protective walls' between applications and user privilege levels to create an obstacle for bad actors, says Intel.

but it has only been 74 days since the vulnerabilities came to light outside of a tight circle of security researchers and chip makers.

But they've known for much longer than this, so why the heck didn't they have these fixes out *before* the embargo lifted? I doubt it's taken them since June/July to investigate and fix, given how rushed the patches have been so far.

Not to bash Intel, it's not 74 days that led to this fix, it was 274 days since Intel was apprised. Please make sure the right info is used. Because you make it look like Intel sat on their laurels for 200 days before starting to work on a fix.

However, taking 274 to create a fix and even then had to be re-released 2-3 times either shows Intel's incompetence or they really didn't think it to be much of a big deal.

Can anyone check about AMD microcode for Spectre 2? My Google fu is not bringing up any results but I'm sure they brought a microcode for it.

But they didn't fix it in 74 days… (it was my first thought as well when I read the article)… it's been 74 days since the public found out about the issues, Intel knew a lot longer than that.

And that link from airwave doesn't seem to mention my i7 4790k (i.e. Haswell) even though it was released in Q2 2014 … now I wonder how long it will take for the motherboard manufacturers to do a BIOS update or is this just going to be applied via ‘windows update’

edit: ah would appear my motherboard manufacturer (ASRock) has had a new BIOS for my motherboard since the 13 March 2018… hmm, time to google and see how buggy it is lol